A Multiple Layers Approach to Computer Security

Over the years, I have found that there is no one best way to keep a computer safe from viruses. I have come to the realization that the only practical way to beat malware is to use teamwork — in other words, to create a multiple layers approach to computer security.

What does this multiple layers approach encompass? It means simply to use several of the best tools available to secure each part of a computer system that could get attacked, infected, or hacked.

What will you learn in this post?

I will show you:

how malware could get into your computer

how to mitigate the threat of a malware intrusion into your computer

which specific settings to use to minimize the risk of malware intrusion

which specific software programs to use to create a super strong defense against malware

which specific software programs to use to keep your computer clean of junk data

what common sense steps you can take to further improve your multiple layers approach to computer security

Multiple computer security layers

Two Ways Malware Gets In

Malware can get into your computer in one of two ways — via the internet or from a local data storage unit (CD, DVD, USB drive, etc.).

The most common way to get infected is that the user does something stupid: for example, opening an attachment or a link from a scammy email, visiting an unsafe site online, downloading pirated software (which often includes malware packaged into it), or just copying some weird files from a friend’s CD or external drive to his or her computer.

In some rare cases, your computer might get infected simply because you inserted a USB thumb drive into it. So, if you see a USB thumb drive just lying around on the street or on the office floor, don’t pick it up and insert it into your USB port.

As you can see, the one common denominator of most malware infections is an unwanted user action. If your company has its own corporate network, the best way to prevent malware from entering the network is to create strict policies that all users have to follow.

However, in this post, I want to focus on solutions for home users, not corporate networks.

Router Setup

Everyone is connected to the internet nowadays. And so, the first point of contact your computer has with the outside world is your router.

In the multiple layers approach to computer security, setting up your router correctly is most important.

There are some very simple router settings you can utilize to massively improve the safety of your web-connected computer.

1. Admin Password

Change your router’s factory default admin password. This is a no-brainer. There are lists of default passwords available on the internet for free.

2. Traffic Encryption

Make sure to use the strongest possible encryption for the data going through your router. Never use the Wired Equivalent Privacy (WEP) algorithm.

Use WPA2-Personal with a strong PSK and TKIP for traffic encryption

For your home network, go with WPA2-Personal. WPA is short for Wi-Fi Protected Access.

And, again, very importantly, make sure that you use a strong password as your Pre-Shared Key (PSK). You should use a random string at least 20 characters long to make the key serve its purpose. Remember, WPA2 can still be cracked, so having an extremely strong password is very important.
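One way to generate and sanity-check such a key, as an added example that is not part of the original post. The function names and the two "looks human-chosen" heuristics are assumptions made for illustration; the 8 to 63 printable ASCII character limit is the WPA2 passphrase rule.

```python
import math
import secrets
import string

# WPA2-Personal passphrase rule: 8 to 63 printable ASCII characters.
WPA2_MIN_LEN, WPA2_MAX_LEN = 8, 63
RECOMMENDED_MIN_LEN = 20  # the minimum length this article recommends

# Letters, digits and punctuation; a space is legal in a PSK but easy to mistype.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_psk(length: int = 24) -> str:
    """Return a random passphrase drawn from the operating system's CSPRNG."""
    if not RECOMMENDED_MIN_LEN <= length <= WPA2_MAX_LEN:
        raise ValueError(f"length must be {RECOMMENDED_MIN_LEN}..{WPA2_MAX_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_psk_entropy_bits(length: int) -> float:
    """Entropy of `length` characters chosen uniformly from ALPHABET."""
    return length * math.log2(len(ALPHABET))


def check_psk(psk: str) -> list[str]:
    """Return a list of problems; an empty list means the PSK passes."""
    problems = []
    if not all(0x20 <= ord(c) <= 0x7E for c in psk):
        problems.append("contains characters outside printable ASCII")
    if not WPA2_MIN_LEN <= len(psk) <= WPA2_MAX_LEN:
        problems.append("WPA2 requires 8 to 63 characters")
    elif len(psk) < RECOMMENDED_MIN_LEN:
        problems.append("shorter than the recommended 20 characters")
    # Heuristics (assumptions) that catch typical human-chosen keys.
    if len(set(psk)) < len(psk) // 2:
        problems.append("too many repeated characters to be random")
    classes = [any(c in group for c in psk) for group in
               (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation + " ")]
    if sum(classes) < 2:
        problems.append("uses only one character class")
    return problems


if __name__ == "__main__":
    # Constructed sample keys: two weak ones and one freshly generated.
    for sample in ("password", "MyHomeWifi2016", generate_psk()):
        print(repr(sample), check_psk(sample) or "ok")
    print(f"24 random characters = {random_psk_entropy_bits(24):.0f} bits")
```

Store the generated key in a password manager, since a key like this is not meant to be memorized.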

4. UPnP

5. Wi-Fi Protected Setup

Created by the Wi-Fi Alliance in 2006, this security standard is vulnerable to brute-force attacks and should be disabled.

Disable Wi-Fi Protected Setup

6. Access Restriction

It is a good idea to enable access restrictions to your router based on the MAC addresses of the connecting devices. This setting doesn’t prevent MAC address spoofing, but weeds out the less talented attackers.

Enable MAC address filtering

Firewalls

After taking care of your router, the next stop in our multiple layers approach is your computer’s firewall. A firewall controls all the incoming and outgoing network traffic on your computer.

Windows comes with a basic firewall pre-installed. Be sure to use it. You can find it under Control Panel > System and Security > Windows Firewall.

Windows Firewall

For a more advanced and customizable firewall, I recommend using Comodo Free Firewall. Using this piece of software, you can monitor all incoming and outgoing traffic.

Comodo Firewall

Comodo’s firewall also notifies you with a popup message whenever an unknown or first-used program tries to connect to the internet. You can then decide how to treat that program — allow it, block it, or specify a rule for it.

The WinPatrol Family

After the most straightforward intruders are taken care of by the firewall, it’s time to take a look at the more sneaky intrusions, such as unwanted system changes and potentially unwanted programs (PUPs).

Your computer is full of software programs doing, in many cases, almost anything they want. Reining in their capabilities is the next step in the multiple layers approach to computer security.

I have been using WinPatrol for years to keep an eye on threats of this kind. WinPatrol informs you with a popup when a program (usually a newly installed one) tries to add a new service to the list of startup services. You can decide whether you wish to allow or deny each new entry.

It is also a very useful tool for finding out what processes are running in memory. And, of course, you can shut down any process and remove it from the list of services scheduled to run after the next reboot. This is extremely helpful when cleaning up virus infections. Obviously, with the setup I am describing here, you should never experience an infection.

Then, a year ago WinPatrol’s vendor came out with two new products — WinPrivacy and WinAntiRansom.

WinPrivacy gives you total control over which of the programs already installed on your computer are allowed to connect to the internet. For example, I don’t like to get automatic updates for Adobe or Google software on my computer. So I simply block their connections.

WinPrivacy Plus Explorer — Blocked Programs

WinAntiRansom is the best program in the fields of antiransomware and zero-day threat protection.

Antivirus Programs

Only after all these steps do we arrive at the standard antivirus programs in our multiple layers approach. This is so because antivirus programs are really not that great at protecting you against the more intelligent (and nasty) kind of malware. But they do a good job of spotting the everyday bad stuff, so they still have a place in my multiple layers approach to computer security.

You can imagine your antivirus software as an agent with a database of all known malware that checks every process that gets started on your computer. The databases of all major antivirus programs are constantly updated (several times a day, actually), so the better antivirus programs do catch most of the malware out there. That’s because most of the malware is really just slightly changed copies of already known malware.

For some time, I was using Microsoft Security Essentials, AVG, and Malwarebytes Anti-Malware. But all the conflicts and irregularities among them forced my hand.

AVG Online Shield disabled

Now, I have only Comodo Internet Security installed, simply because I already had Comodo Firewall installed. Comodo Internet Security is free and is also handy because it becomes part of the Comodo family of products. All Comodo programs (firewall, antivirus, sandbox) are located in one place and can be accessed using one icon.

I also use Malwarebytes Anti-Exploit, which automatically starts up whenever I launch a browser or an email client. It helps keep my computer safe from online attacks.

Is your Windows computer running much more slowly than when you first started it up? Unnecessary and unwanted files tend to build up over time on a hard drive.

Lately, I have been using Wise Care 365 Pro, which replaces all of the free programs mentioned in the above-referenced posts. And, best of all, it costs only $30.

Protect Your Kids

If there are small children connecting to the internet in your home, I also recommend using K9 Web Protection by Blue Coat Systems. It’s completely free and goes a long way in protecting your children from all the nastiness that can be all-too-easily found online.

Browser Add-ons

You can further improve your online security and privacy by using the following browser add-ons:

Privacy and security concerned users might find it annoying that they are constantly tracked while online. They should use tracker blocking software.

Common Sense Things in a Multiple Layers Approach

When online, it is good to keep in mind that a lot of people can get access to your metadata — i.e. which sites you are visiting, when, for how long, what your behavioral pattern is on those websites, where you go next, and much, much more.

The following common sense choices can drastically reduce your metadata footprint and even hide your true identity from any observers:

Before installing a program, scan the installation package with at least two current antivirus programs. Or, even better, check it via virustotal.com.

Use KeePass, so that you don’t use stupid passwords and don’t have to remember complex pass-phrases.

Final Thoughts

My hope is that this overview will help some people overcome their fear of all the threats and infections lurking out there, waiting to get inside their computers.

By building out a logical, well-thought-through, multiple layers security system, you can defend yourself against virtually all attacks. And unless you let malware in by doing something stupid, there is no need to panic.

I will write up a similar post about the procedures of cleaning up a malware infection, in case the unthinkable has already happened.